Seventh. Securing Web-safe HTTPS
Disadvantages of 1.http:
(1) communication using plaintext, content may be tapped
(2) does not verify the identity of the communication party, it is possible to encounter a disguise
(3) the integrity of the message cannot be proved and therefore may have been tampered with.
2. Encryption of communications
(1) HTTP does not have an encryption mechanism, but can be used in combination with SSL or tls, encrypted HTTP communication content, HTTP combined with SSL is called HTTPS
(2) the content is encrypted, that is, the content that needs to be transmitted is encrypted, but this is still possible to tamper with the Content.
3. Do not verify that the communication party may encounter a disguise
SSL not only provides cryptographic processing, but also uses a means known as a certificate that can be used to determine the Party.
3. Unable to prove the integrity of the message, may have been tampered with
4. The General website uses the HTTP to be enough, but involves the security relatively high website or needs the https,http relative to the HTTPS the advantage is the transmission speed is faster,
Less consumption of hardware resources, no need to purchase security certificates, etc.
The eighth chapter confirms the authentication of the Access User's identity
1. password, Dynamic token, digital certificate, bio-certificate, IC card, etc.
2. generally forms-based Authentication.
Secure HTTPS for Web security, authentication of authenticated access users (chapters seventh, Eighth)